Cisco Umbrella SAML Integration – NetIQ Integration Instructions

Cisco Umbrella SAML Integration for NetIQ – Overview

This article is specific to configuring Cisco Umbrella to integrate with NetIQ for Single Sign-on (SSO) with SAML. Configuring SAML with NetIQ differs from our other SAML integrations as it's not a one or two click process in the wizard, but requires changes in NetIQ to work correctly.

Below are detailed modifications you will need to make in order to get SAML and NetIQ working together. As such, the information below is provided "as is" and was developed in conjunction with existing customers. Available support for this solution is limited and Cisco Umbrella support is unable to assist beyond the general outline given here.

Prerequisites

You can find steps to get through the initial SAML setup here. Once you complete those steps which include downloading the Cisco Umbrella metadata, you can continue using the NetIQ specific instructions below to complete the configuration.

The metadata can be found in the Cisco Umbrella SAML setup wizard under step 2 (Settings > Authentication > SAML)

How To

Import Metadata and Cisco Umbrella Certificate

First, open the Cisco Umbrella metadata (downloaded in the prerequisites) in a text editor and extract the X509 certificate. The certificate begins with ds:X509Certificate and ends with /ds:X509Certificate - just copy from the very beginning to the end.

Save this new file as CiscoUmbrella.cer.

Next, we'll want to convert the x509 certificate to PKCS7 / PEM. Methods for this vary, but this command should do the trick: